Alyned Thinking

Why new thinking is needed and how we are putting our expertise to work.

Secure File Evidence, Report Status and some comfort enhancements

Summary of Changes

1. Secure File Evidence

Alyne proudly introduces Secure File Evidence, a top-notch way of securely encrypting and storing files as evidence for Assessments and other Alyne features, in one of 12 storage locations of your choice.

2. Report Status and Sign-off

We brought draft, review and sign-off status to Reports including a secure audit log history about the changes made in the Report: who, what, when.

3. Topic Sort in Assessments

When setting up the Assessment questions, you might want to have a different sort order for your topics. Here you go.

Changes in detail

New features

Secure File Evidence

We worked hard on providing a highly secure, resilient and comfortable feature for attaching file evidence to Assessment responses. After a thorough analysis, we went with the top-notch capabilities Amazon Web Services (AWS) has to offer for encryption and storage of confidential file data: Hardware Security Modules.

Technically, in brief: each Alyne customer gets an individual Master Key that lives inside a Hardware Security Module and cannot leave it. Nobody knows the key, neither Alyne nor AWS. A separate blog post and a Technical Whitepaper will go into more detail.

  • When a file is attached to an Assessment Response, the Hardware Security Module crafts an individual encryption key for that very file and encrypts it.
  • Alyne does not know these individual encryption keys either. This is called envelope encryption.
  • When downloading or deleting these encrypted files, the Alyne backend grants temporary credentials for using these encryption keys limited to the files requested.
  • Each credential and download link in our web application is only valid for 15 minutes.
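The flow in the list above, as an added example that is not Alyne's code: a standard-library Python model of envelope encryption with a file-scoped, 15-minute grant. `ToyHSM`, `upload`, `download`, the grant format and the HMAC-based `seal`/`unseal` cipher (a stand-in for an AEAD such as AES-GCM) are assumptions made for illustration; file ids are assumed not to contain `|`.

```python
import hashlib, hmac, secrets

GRANT_TTL = 15 * 60  # seconds; the page gives credentials a 15-minute lifetime

def _mac(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()

def _stream(key, nonce, n):
    # Keystream from HMAC-SHA256 in counter mode (assumed stand-in for AES-GCM, stdlib only)
    return b"".join(_mac(key, b"enc", nonce + i.to_bytes(4, "big")) for i in range(n // 32 + 1))

def seal(key, plaintext, aad=b""):
    nonce = secrets.token_bytes(16)
    body = nonce + bytes(p ^ s for p, s in zip(plaintext, _stream(key, nonce, len(plaintext))))
    return body + _mac(key, b"tag", len(aad).to_bytes(2, "big") + aad + body)

def unseal(key, blob, aad=b""):
    body, tag = blob[:-32], blob[-32:]
    if not hmac.compare_digest(tag, _mac(key, b"tag", len(aad).to_bytes(2, "big") + aad + body)):
        raise ValueError("ciphertext or its binding was modified")
    return bytes(c ^ s for c, s in zip(body[16:], _stream(key, body[:16], len(body) - 16)))

class ToyHSM:
    """Models the HSM: the master key is generated inside and no method returns it."""
    def __init__(self):
        self.__master = secrets.token_bytes(32)
    def new_data_key(self, file_id):
        # Per-file data key; the wrapped copy is bound to the file id it was made for
        key = secrets.token_bytes(32)
        return key, seal(self.__master, key, file_id.encode())
    def grant(self, file_ids, now):
        # Temporary credential limited to the requested files (hypothetical format)
        scope = "|".join(sorted(file_ids)) + "#" + str(int(now) + GRANT_TTL)
        return scope, _mac(self.__master, b"grant", scope.encode())
    def unwrap(self, grant, file_id, wrapped, now):
        scope, sig = grant
        files, _, expiry = scope.rpartition("#")
        if not hmac.compare_digest(sig, _mac(self.__master, b"grant", scope.encode())):
            raise PermissionError("forged grant")
        if now >= int(expiry) or file_id not in files.split("|"):
            raise PermissionError("grant expired or does not cover this file")
        return unseal(self.__master, wrapped, file_id.encode())

def upload(hsm, file_id, content):
    key, wrapped = hsm.new_data_key(file_id)
    return {"wrapped_key": wrapped, "ciphertext": seal(key, content)}  # plaintext key not stored

def download(hsm, grant, file_id, record, now):
    return unseal(hsm.unwrap(grant, file_id, record["wrapped_key"], now), record["ciphertext"])
```

The stored record holds only the wrapped data key and the ciphertext, so reading a file always requires a call into the key holder with a grant that is still valid and names that file.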

Access is only granted for the Alyne users that are either Expert users or Responders to the Assessment. A Responder cannot see or modify evidence of another Responder. Expert Users cannot delete evidence provided by a Responder.

Although the feature is technically complex, the user interface is super simple. As a Responder you just click on the upload button of an Assessment response, select the files from your computer and you are all set. After an Assessment is closed you can still download files, but cannot delete them.

We offer each customer the choice between 12 locations around the world where these files should be encrypted and stored:

  • Mumbai, India
  • Tokyo, Japan
  • Seoul, South Korea
  • Singapore
  • Sydney, Australia
  • Frankfurt, Germany
  • Ireland
  • São Paulo, Brazil
  • N. Virginia, US
  • Ohio, US
  • N. California, US
  • Oregon, US

Alyne Secure Evidence is a paid add-on; please get in contact.

Report status and sign-off

A customer asked for a status concept for Reports and we said yes. Reports can now be moved from status Draft to In Review to Signed off. Each status change is logged in an audit history right at the Report, including who made it and when. It's easy: you just need to slide from status to status. Once a Report is signed off, you cannot make any changes to it anymore.

Topic sort in Assessments

Another customer request was the ability to change the sort order of Assessment questions while setting up an Assessment. We implemented this in our Topic Navigator where you can move around questions topic-wise.

Comfortable multi-language

Alyne has had international customers right from the beginning. That's why we put emphasis on frictionless functionality of multi-language content such as Controls, Control Sets, Assessments, Funnels and more. In case you are very sure that one language will be enough you can enforce an organisation-wide language: Every user sees content in the same predefined language.

If you do not have the time to fill in titles and descriptions in any language offered in our interface, we now automatically fill up the language versions that have been left empty. This works now for Control Sets, Assessments, Funnels, Objects and to a fair degree for Controls.

Export of custom standards in Assessment response exports

Another customer request we followed: When exporting Assessment responses, custom standards mapped to your Assessment questions/Controls are included in the export as well. Needs only a check mark in the export popup.

Contracts quota/limits

As we moved to a subscription model, we of course would like to give you transparency about your current usage and the limits of your plan. Don't be afraid, we will be fair in interpreting whether you exceeded your limit or not...

Explicit comment save button

We saw that in rare cases users can get confused in determining if a comment is already submitted or not. Comments are an essential part of Assessments and in the alynement of Controls and Control Sets. So we introduced subtle buttons and a mini confirmation.

Bug fixes

  • We fixed some rather annoying visual issues on Internet Explorer 11. For instance, Risk graphs tended to flicker when hovered. No offense, but IE 11 does things differently sometimes.
  • In a very limited set of views on Chrome and Safari, the user saw massive scrollbars. Looked stylish, but not our favourite choice. Chrome and Safari do scrollbars differently.
  • We are now prohibiting sending empty comments. No need for it.
  • We modified some screens in order to improve usability on very small screens or resolutions. No, I don't mean tablets or phones, but notebook screens. Screen real estate is a thing.
  • In rare cases, we did not show the save button when you change target maturities while setting up Assessments. Made no sense. Fixed.
  • We missed a translation in the org log. No big deal.
  • We did not show the full Reactions view while viewing Control Favourites. Fixed.

Photocredit: markusspiske / photocase.de

Author: Manuel Reil
Co-Founder, Chief Technology Officer
About the author
Co-founder and CTO of Alyne, IT security and architecture expert, 20 years web technologist, traveller